Introduction

Well, most beginner and intermediate programmers like to play with cryptography. This is the part that took me to some trouble in my life. A good encryption and decryption code is easily found on the Internet and even on The Code Project. Why another? I did not find a suitable reason behind that. And when I found some, I mixed them up and this is the result. I wanted to share the result and hence this article.

The Solution

I included a tiny demo solution with an implementation of the segment. Hope it helps you. As you see from the snapshot, the CryptorEngine class holds the two static methods encryption and decryption. The reason I put them into a separate file is because it is the best practice as far as I know and most importantly, other blocks can access these methods easily.

The Encryption

The encrypt method goes like this. I need to say something about the cipherMode of the tripleDES cryptographic service provider. We used the ECB(Electronic Code Book). The ECB mode encrypts each block individually. This means that any blocks of plain text that are identical and are in the same message or even in a different message but encrypted with the same key will be transformed into identical cipher text blocks. If the plain text to be encrypted contains substantial repetition, it is feasible for the cipher text to be broken one block at a time. Also it is possible for an active adversary to substitute and exchange individual blocks without detection. If a single bit of the cipher text block is mangled, the entire corresponding plain text block will be mangled.

Decryption

Well, as you can see, the decryption method is kind of opposite of the encryption. I talked about the Cipher Mode ECB in the encrypt section. Now let's talk about the padding mode PKCS7. Padding comes when a message data block is shorter than the full number of bytes needed for a cryptographic operation. Why did we choose PCKS7. Because PCKS#7 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added.

Web.Config/App.Config file. Why?

Well, you want to change your key. But you are not the developer or you do not even have the source?! Then what. Thanks to Web.config/app.config file idea. Keep your secret key in the config file. Change it when you need it.

<?xmlversion="1.0"encoding="utf-8"?><configuration>
// The Code Project does not recognize these tags if i put<>.
// So you Put <> beside the words
appSettings>

How to Use

To use the code sample, you can copy the CryptorEngine to your project and start playing or copy the method bodies and paste them to your application projects.

To Do

You can try to encrypt the key and save it (encrypted) to the config file for an extra bit of security.

Conclusion

This code works fine with .NET 1.1. I built the project in Visual Studio 2005 because some methods expired in .NET 2.0 and changed. For example, the configuration namespace is changed a lot. So I built the example in Visual Studio 2005 to see if it works on v2.0 too. And it works with ZERO change and ZERO error.

Share

About the Author

I am Syed Moshiur Murshed from Bangladesh. I studied BSC in Computer Science at American International University Bangladesh(www.aiub.edu). And then MSC in Software Technology at Stuttgart University of Applied Science, Germany(www.hft-stuttgart.de). Currently I am employed as a Software Engineer at Pöyry Infra GmbH in Salzburg, Austria since 04-2011.I have been learning C# for quite some time and Enjoying it.

Comments and Discussions

Is it possible to get the fixed length encrypted string output from the algorithm ?Because i will give 24 character input, and i want 64 character Encrypted output and the output should be Decrypted also..So please give me the code for this...

Actually i need to generate a unique key for a license verification process for my product..so i want the exact output of 64 character output. But in the above project if i give 24 character in the clear text value im geting only 44 character Encrypted Text as output.So what i have to do to get 64 character Encrypted text??Please help me..

Just thought I would mention this as new developers may run into the same problem I had. I copied this code and tried it and couldnt get it to work. I kept getting the error below.

Specified key is not a valid size for this algorithm

After trying different keys without success, I learned that the length of the key matters. TripleDES encryption requires a key that is 24 characters in length. If you want to switch to simple DES encryption, the key must be 8 chars in length. If you use a key with a different length, you will get the exception mentioned earlier.

I found that as well but I got around it by adding a new function that checks the key length.

Psuedo code:

if keyArray > 24 then trim(keyArray) to 24 characterselse if keyarray < 24 then padding(keyArray) to 24 characters

That works like a charm, if your padding the keyArray then you will need an additional function to generate some random characters. I just used a simple function that picks some random characters out of an array and injects them into the keyArray until its the right size.